author | Virendra Thakur <virendrak@kpit.com> | 2023-12-22 12:40:41 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-12-29 05:29:14 -1000 |
commit | 0aa12e491969eac7050b6b2c6665a3fdbc070c3d (patch) | |
tree | 000047927b0dfdd2185bd1f56366d6203532c67b | |
parent | 3433d043c7ecd8368400be5dcc3a9705b237dd57 (diff) | |
binutils: fix multiple cve
Fix the CVEs listed below:
CVE-2022-47007
CVE-2022-47008
CVE-2022-47010
CVE-2022-47011
CVE-2022-48063
CVE-2022-47695
(From OE-Core rev: 873163936937a583278e3cd97c6226935f2faa0c)
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
7 files changed, 273 insertions, 0 deletions
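--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -56,5 +56,11 @@ SRC_URI = "\
 file://CVE-2023-25588.patch \
 file://CVE-2021-46174.patch \
 file://CVE-2023-25584.patch \
+file://CVE-2022-47007.patch \
+file://CVE-2022-47008.patch \
+file://CVE-2022-47010.patch \
+file://CVE-2022-47011.patch \
+file://CVE-2022-48063.patch \
+file://CVE-2022-47695.patch \
 "
 S = "${WORKDIR}/git"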
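--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch
@@ -0,0 +1,32 @@
+From 0ebc886149c22aceaf8ed74267821a59ca9d03eb Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 17 Jun 2022 09:00:41 +0930
+Subject: [PATCH] PR29254, memory leak in stab_demangle_v3_arg
+
+PR 29254
+* stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+CVE: CVE-2022-47007
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+binutils/stabs.c | 5 ++++-
+1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -5476,7 +5476,10 @@
+dc->u.s_binary.right,
+&varargs);
+if (pargs == NULL)
+- return NULL;
++ {
++ free (dt);
++ return NULL;
++ }
+
+return debug_make_function_type (dhandle, dt, pargs, varargs);
+}
+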
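--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
@@ -0,0 +1,64 @@
+From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 17 Jun 2022 09:13:38 +0930
+Subject: [PATCH] PR29255, memory leak in make_tempdir
+
+PR 29255
+* bucomm.c (make_tempdir, make_tempname): Free template on all
+failure paths.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
+CVE: CVE-2022-47008
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+binutils/bucomm.c | 20 +++++++++++---------
+1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index fdc2209df9c..4395cb9f7f5 100644
+--- a/binutils/bucomm.c
++++ b/binutils/bucomm.c
+@@ -542,8 +542,9 @@
+#else
+tmpname = mktemp (tmpname);
+if (tmpname == NULL)
+- return NULL;
+- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
++ fd = -1;
++ else
++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+#endif
+if (fd == -1)
+{
+@@ -561,22 +562,23 @@
+make_tempdir (const char *filename)
+{
+char *tmpname = template_in_dir (filename);
++ char *ret;
+
+#ifdef HAVE_MKDTEMP
+- return mkdtemp (tmpname);
++ ret = mkdtemp (tmpname);
+#else
+- tmpname = mktemp (tmpname);
+- if (tmpname == NULL)
+- return NULL;
++ ret = mktemp (tmpname);
+#if defined (_WIN32) && !defined (__CYGWIN32__)
+if (mkdir (tmpname) != 0)
+- return NULL;
++ ret = NULL;
+#else
+if (mkdir (tmpname, 0700) != 0)
+- return NULL;
++ ret = NULL;
+#endif
+- return tmpname;
+#endif
++ if (ret == NULL)
++ free (tmpname);
++ return ret;
+}
+
+/* Parse a string into a VMA, with a fatal error if it can't be
+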
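Review bot: In the `mktemp` fallback of make_tempname (the `#else` branch in the first bucomm.c hunk) the result is still written back with `tmpname = mktemp (tmpname);`, so a NULL return discards the only pointer to the template before the `if (fd == -1)` failure path can release it. make_tempdir in the same patch avoids this by holding the result in a separate `ret`; the same shape fits here, e.g. `char *ret = mktemp (tmpname);` followed by `fd = ret == NULL ? -1 : open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);`. The body of the `fd == -1` block lies outside the hunk, so this assumes it frees `tmpname` as the ChangeLog entry says. In make_tempdir the fallback also calls `mkdir (tmpname, ...)` without looking at `ret` first, which presumably relies on mkdir failing for a template that mktemp rejected; a one-line comment saying so would help.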
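--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch
@@ -0,0 +1,34 @@
+From 0d02e70b197c786f26175b9a73f94e01d14abdab Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 20 Jun 2022 10:39:31 +0930
+Subject: [PATCH] PR29262, memory leak in pr_function_type
+
+PR 29262
+* prdbg.c (pr_function_type): Free "s" on failure path.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0d02e70b197c786f26175b9a73f94e01d14abdab]
+CVE: CVE-2022-47010
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+binutils/prdbg.c | 7 ++-----
+1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index c1e41628d26..bb42a5b6c2d 100644
+--- a/binutils/prdbg.c
++++ b/binutils/prdbg.c
+@@ -778,12 +778,9 @@
+
+strcat (s, ")");
+
+- if (! substitute_type (info, s))
+- return FALSE;
+-
++ bfd_boolean ret = substitute_type (info, s);
+free (s);
+-
+- return TRUE;
++ return ret;
+}
+
+/* Turn the top type on the stack into a reference to that type. */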
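--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch
@@ -0,0 +1,31 @@
+From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 20 Jun 2022 10:39:13 +0930
+Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields
+
+PR 29261
+* stabs.c (parse_stab_struct_fields): Free "fields" on failure path.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35]
+CVE: CVE-2022-47011
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+binutils/stabs.c | 5 ++++-
+1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 796ff85b86a..bf3f578cbcc 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -2368,7 +2368,10 @@
+
+if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c,
+staticsp, p_end))
+- return FALSE;
++ {
++ free (fields);
++ return FALSE;
++ }
+
+++c;
+}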
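--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
@@ -0,0 +1,57 @@
+From 3d3af4ba39e892b1c544d667ca241846bc3df386 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 4 Dec 2022 22:15:40 +1030
+Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols
+
+Fixes a fuzzed object file problem where plt relocs were manipulated
+in such a way that two synthetic symbols were generated at the same
+plt location. Won't occur in real object files.
+
+PR 29846
+PR 20337
+* objdump.c (compare_symbols): Test symbol flags to exclude
+section and synthetic symbols before attempting to check flavour.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]
+CVE: CVE-2022-47695
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+binutils/objdump.c | 23 ++++++++++-------------
+1 file changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index e8481b2d928..d95c8b68bf0 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -935,20 +935,17 @@
+return 1;
+}
+
+- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
++ /* Sort larger size ELF symbols before smaller. See PR20337. */
++ bfd_vma asz = 0;
++ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
++ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
++ bfd_vma bsz = 0;
++ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+&& bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
+- {
+- bfd_vma asz, bsz;
+-
+- asz = 0;
+- if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+- bsz = 0;
+- if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+- if (asz != bsz)
+- return asz > bsz ? -1 : 1;
+- }
++ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
++ if (asz != bsz)
++ return asz > bsz ? -1 : 1;
+
+/* Symbols that start with '.' might be section names, so sort them
+after symbols that don't start with '.'. */
+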
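Review bot: The comment added in compare_symbols says only that larger ELF symbols sort first, while the fix itself depends on the flag test running before `bfd_get_flavour (bfd_asymbol_bfd (a))`, and nothing in the code records that ordering. A later tidy-up that swaps the two operands of `&&` would bring back the crash described in PR 29846, so I would add a line above the `asz` assignment such as `/* Test flags first: section and synthetic symbols must not reach the flavour check, see PR29846.  */`. The same applies to the `bsz` test. compare_symbols starts and ends outside the hunk.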
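--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,49 @@
+From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 21 Dec 2022 11:51:23 +0000
+Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
+memory when parsing a corrupt ELF file.
+
+PR 29924
+* objdump.c (load_specific_debug_section): Check for excessively
+large sections.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
+CVE: CVE-2022-48063
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+binutils/ChangeLog | 6 ++++++
+binutils/objdump.c | 4 +++-
+2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index e7f918d3f65..020e09f3700 100644
+--- a/binutils/ChangeLog
++++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2022-12-21 Nick Clifton <nickc@redhat.com>
++
++ PR 29924
++ * objdump.c (load_specific_debug_section): Check for excessively
++ large sections.
++
+2021-02-11 Alan Modra <amodra@gmail.com>
+
+PR 27290
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index d51abbe3858..2eb02de0e76 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -3479,7 +3479,9 @@
+section->size = bfd_section_size (sec);
+/* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+alloced = amt = section->size + 1;
+- if (alloced != amt || alloced == 0)
++ if (alloced != amt
++ || alloced == 0
++ || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
+{
+section->start = NULL;
+free_debug_section (debug);
+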
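Review bot: The new bound in load_specific_debug_section compares `alloced` with the on-disk file size, which is a valid upper limit only if `bfd_section_size (sec)` is the stored size of the section. If it can be the decompressed size of a compressed debug section (not visible in this hunk), a well-formed but highly compressible section would now be rejected as corrupt; that is worth confirming against the 2.34 tree before relying on this backport. `bfd_get_size (abfd)` is also evaluated twice in the condition, and reading it once into a local, e.g. `ufile_ptr filesize = bfd_get_size (abfd);`, keeps both halves of the test on the same value. The function body continues outside the hunk.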